{ "type": "bundle", "id": "bundle--d427c9c0-5416-4f00-980b-b8ab9f09d946", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--2764b27d-9e36-419c-b1e3-dd5da021229e", "created": "2025-10-01T06:07:58.678038Z", "modified": "2025-10-01T06:07:58.678072Z", "name": "Siddhant", "identity_class": "organization" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--ea64f973-73f1-4e82-ba45-15d7a52d33c1", "value": "websecuritynotices.com" }, { "type": "url", "spec_version": "2.1", "id": "url--ff4cd530-75cd-43e9-bee0-2703d0b79114", "value": "https://download.sponetcloud.com/log/" }, { "type": "url", "spec_version": "2.1", "id": "url--8db0ccae-6f00-4108-8867-da76057df9a6", "value": "https://websecuritynotices.com/request.php?i=BASE64_EMAIL&dot.png" }, { "type": "url", "spec_version": "2.1", "id": "url--07ec4b9c-6807-439f-aa7a-97d8efdfb63e", "value": "https://www.websecuritynotices.com/log/" }, { "type": "url", "spec_version": "2.1", "id": "url--d0fea050-0a0e-4140-996e-74a62b3abadb", "value": "https://download.sponetcloud.com/generator.php" }, { "type": "url", "spec_version": "2.1", "id": "url--b2a2574b-3f90-438a-a602-6b9fbe0091c6", "value": "https://www.websecuritynotices.com/generator.php" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--5679cc9a-a273-40e5-a6ac-c9f953a7ca42", "value": "download.sponetcloud.com" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--55eaa6cf-1e2b-40c4-be0f-05d4876220e7", "value": "sponetcloud.com" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--eb7ab603-0bbc-4919-b33f-fcf26d90d9c9", "value": "149.87.155.12" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--f9055108-c9fc-4ee3-99d3-daa9af2af8eb", "value": "210.117.199.101" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--e8323e24-08d2-41bc-98b7-3f385c2ab548", "value": "79.110.55.3" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--182dc180-b308-4cc5-82d8-964d2f73cc3f", "value": "79.110.55.5" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5cc09e2a-9bc9-4755-9108-5f525458ff85", "value": "52.228.152.193" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--634bb5ac-5bc9-4682-b955-2838c68d9cb4", "value": "47.236.172.160" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--f474d56c-5961-4e35-94ab-b4ca5f0b4571", "value": "79.110.55.14" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--8da0b31a-ae7b-46cc-8532-a3edbaf473eb", "value": "79.110.55.10" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--c66fc6e9-84af-433c-9015-1cbfdd67e839", "value": "185.194.178.6" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--14bf8f53-454e-4a5c-9cbf-1ea80e237061", "value": "79.110.55.11" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--b98b172c-4a9b-4aff-836e-3815d6a156a0", "value": "1.221.137.163" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--9e47cf68-5641-4949-b176-80b3779d2710", "value": "185.194.178.17" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--e0a00fe7-d3d2-4940-b533-866a6c0edc2f", "value": "194.50.16.252" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--259f8a9c-f3c6-4a54-8588-86057f4f0745", "value": "185.219.141.231" }, { "type": "threat-actor", "spec_version": "2.1", "id": "threat-actor--3cad7692-b5b4-565b-88b1-63998b3f44a1", "created": "2026-06-24T20:27:51.165561Z", "modified": "2026-06-24T20:27:51.165561Z", "name": "Kimsuky" }, { "type": "report", "spec_version": "2.1", "id": "report--13f3ab03-8292-4f52-89b3-9d8ace1183ee", "created_by_ref": "identity--2764b27d-9e36-419c-b1e3-dd5da021229e", "created": "2026-06-24T20:27:51.168185Z", "modified": "2026-06-24T20:27:51.168185Z", "name": "Kimsuky/APT43 Phishing Infrastructure: A Technical Evolution", "published": "2025-09-30T00:00:00Z", "object_refs": [ "identity--2764b27d-9e36-419c-b1e3-dd5da021229e", "domain-name--ea64f973-73f1-4e82-ba45-15d7a52d33c1", "url--ff4cd530-75cd-43e9-bee0-2703d0b79114", "url--8db0ccae-6f00-4108-8867-da76057df9a6", "url--07ec4b9c-6807-439f-aa7a-97d8efdfb63e", "url--d0fea050-0a0e-4140-996e-74a62b3abadb", "url--b2a2574b-3f90-438a-a602-6b9fbe0091c6", "domain-name--5679cc9a-a273-40e5-a6ac-c9f953a7ca42", "domain-name--55eaa6cf-1e2b-40c4-be0f-05d4876220e7", "ipv4-addr--eb7ab603-0bbc-4919-b33f-fcf26d90d9c9", "ipv4-addr--f9055108-c9fc-4ee3-99d3-daa9af2af8eb", "ipv4-addr--e8323e24-08d2-41bc-98b7-3f385c2ab548", "ipv4-addr--182dc180-b308-4cc5-82d8-964d2f73cc3f", "ipv4-addr--5cc09e2a-9bc9-4755-9108-5f525458ff85", "ipv4-addr--634bb5ac-5bc9-4682-b955-2838c68d9cb4", "ipv4-addr--f474d56c-5961-4e35-94ab-b4ca5f0b4571", "ipv4-addr--8da0b31a-ae7b-46cc-8532-a3edbaf473eb", "ipv4-addr--c66fc6e9-84af-433c-9015-1cbfdd67e839", "ipv4-addr--14bf8f53-454e-4a5c-9cbf-1ea80e237061", "ipv4-addr--b98b172c-4a9b-4aff-836e-3815d6a156a0", "ipv4-addr--9e47cf68-5641-4949-b176-80b3779d2710", "ipv4-addr--e0a00fe7-d3d2-4940-b533-866a6c0edc2f", "ipv4-addr--259f8a9c-f3c6-4a54-8588-86057f4f0745", "threat-actor--3cad7692-b5b4-565b-88b1-63998b3f44a1" ], "external_references": [ { "source_name": "source", "url": "https://medium.com/@siddhantalokmishra/kimsuky-apt43-phishing-infrastructure-a-technical-evolution-5b4653c5c99b" } ] } ] }